Bump ruff from 0.12.10 to 0.15.2 #40

Merged
debu-sinha merged 5 commits into main from dependabot/pip/ruff-0.15.2
Feb 23, 2026
Conversation

@dependabot dependabot bot commented on behalf of github Feb 23, 2026

Bumps ruff from 0.12.10 to 0.15.2.

Release notes

Sourced from ruff's releases.

0.15.2

Release Notes

Released on 2026-02-19.

Preview features

Bug fixes

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.2

Released on 2026-02-19.

Preview features

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from debu-sinha as a code owner February 23, 2026 15:01

dependabot bot commented on behalf of github Feb 23, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Introduce YAML-based policy engine for CI/CD enforcement with threshold
gates, scanner toggles, and OWASP category blocks. Wire policy flag into
CLI with --policy option. Add example corporate and strict policies.

Publish workflow now generates CycloneDX SBOM attached to GitHub releases.
Installation scanner detects group:runtime in pip show output. Skill scanner
env harvesting regex tightened to reduce false matches.

Bump version to 0.4.5.

STRIDE-based threat model covering 4 agent attack surfaces with attack
trees and mitigations mapped to OWASP ASI01-ASI10.

Whitepaper outline for conference submission targeting the static analysis
approach to AI agent security with empirical MCP ecosystem study.

State of MCP Security 2026 report summarizing 593 findings across 50
servers with cross-surface correlation analysis.

New scripts: run_ecosystem_study.py for scalable 200-500 server scanning
with cross-surface analysis and resume capability, compare_scanners.py
for head-to-head evaluation against mcp-scan and Cisco MCP Scanner.

Red-team benchmark with 50 adversarial test cases across 4 attack
surfaces validating scanner detection and FP suppression capabilities.

Demo environment with intentionally vulnerable OpenClaw configuration
for live scanning demonstrations. Includes asciinema recording script
and guided demo walkthrough.

@dependabot dependabot bot force-pushed the dependabot/pip/ruff-0.15.2 branch from dd8152a to 9ff94f3 Compare February 23, 2026 16:42
debu-sinha and others added 2 commits February 23, 2026 11:48
…tted

Reverts commits 70f6363, 5b3eb32, and 15c1e7a which contained internal
research scripts, demo fixtures, conference paper drafts, and benchmark
infrastructure that should not be in the public repository.

Production features (policy engine, SBOM, scanner fixes) will be
re-committed properly after review.

Bumps [ruff](https://github.com/astral-sh/ruff) from 0.12.10 to 0.15.2.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.12.10...0.15.2)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.15.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/pip/ruff-0.15.2 branch from 9ff94f3 to 06adaa3 Compare February 23, 2026 16:49
@debu-sinha debu-sinha merged commit b962e0d into main Feb 23, 2026
14 checks passed
@dependabot dependabot bot deleted the dependabot/pip/ruff-0.15.2 branch February 23, 2026 19:24